Joined: 08 Mar 2008 Posts: 239 Location: Wayne, PA
Posted: Fri Jul 04, 2008 3:12 Post subject:
carpediem wrote:
I had problems with my wireless network (Router : WPA2 Personal Mixed / AES+TKIP) using wpa_supplicant on linux.
After the upgrade, it negociates the key, validades it, but all I get is network unreachable icmp responses.
I've downgraded back to RC7-9396 and I can confirm that wifi network is working as before (I haven't changed a single option since downgrade) and the "Wireless Client MAC List" is working as expected.
If more information is required, just let me know what should I do ;)
Thanks
I'm using WPA2 Personal Mixed / AES with no issues at all.
Read that complete thread for the hairy details on getting this device fully supported, if you are so interested or suffer from insomnia.
hahahaha.
Yea, was a fun ride. Eko gave me a custom bin for those that need to rewrite the extra partition that was overwritten by enabling jffs (prior to it being fixed in subsequent builds) I've wiped my mac address from the file and posting it here for others that require it to revive dead routers. Hex locations are 40~45 according to xvi32
Use these parameters to flash:
-flash:custom /window:1fc00000 /start:1ffe0000 /length:10000
Incidentally, if anyone in the states (I am in NY) needs one of these fixed, drop me a line and you can send it to me to be fixed, or I'll help ya assemble what you need to fix it (if the instructions aren't clear enough)
Also, the instructions incorrectly refer to J12 as JP12 ... sorry, it was late for me and I wasn't paying attention. It is in fact J12.
(PS by Eko: MAC must be inserted in custom-nomac.bin file and file must be renamed to custom.bin before jtaging it.)
After simkiss told me that he couldn't reproduce the issues I was having, I've decided again to try 9856 Eko VPN.
Still same issues happens .. but today I had a bit more patience and decided to narrow down the problem.
Just for information, I have 2 computers <linux both> (one wired, one wifi) and 1 nokia communicator 9500 (wifi, WPA v1 only)
I'm listing my findings separated, since they are distinct issues. I'll be glad to help testing or provide more information in order to make DD-WRT even better ;)
Problem 1
Problem : "Wireless Client MAC List" button, inside the "Edit MAC Filter List" kills httpd.
Router setup: Use filter disabled.
After upgrading again, I've tested this button and, to my surprise, it suddenly works. After a long tests, I've found out that If I have no wifi clients connected, it works aways.
If I have any client connected to the wifi network (my communicator or the wifi-computer), when I press this button (from the wired-computer), it kills httpd.
Firing up httpd on dd-wrt and trying it again, kills the daemon once more. The httpd will die, no matter if I have 1 or 2 wifi clients connected.
Firing up httpd and disconnecting all wifi clients, hitting the button, it works.
Any ideas here ? Can anyone confirm this ? Should I open a bug ticket about this one ?
Problem 2
Problem: After upgrading, I can't connect from the wifi-computer to the wireless network.
Router setup: WPA2 Personal Mixed / TKIP+CCMP , MAC filter disabled
I could still connect from my mobile. Attempting to connect from the computer using WPA v1 also worked.
Since my "normal" setup at my wifi computer is to attempt only WPA v2 (no fallback to v1), I couldn't connect previously.
Trying to identify the problem, I've looked the wpa_supplicant logs when connecting with WPAv1, I've found out that aways the first attempt of authentication timeout and the following one works (sometimes it timeout 2 or 3 times), as you can see on the log :
Code:
<2>Trying to associate with 00:1e:2a:72:88:88 (SSID='carpediem' freq=2452 MHz)
<2>Associated with 00:1e:2a:72:88:88
<2>Authentication with 00:1e:2a:72:88:88 timed out.
<2>CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
<2>CTRL-EVENT-SCAN-RESULTS
<2>Trying to associate with 00:1e:2a:72:88:88 (SSID='carpediem' freq=2452 MHz)
<2>Associated with 00:1e:2a:72:88:88
<2>WPA: Key negotiation completed with 00:1e:2a:72:88:88 [PTK=CCMP GTK=TKIP]
<2>CTRL-EVENT-CONNECTED - Connection to 00:1e:2a:72:88:88 completed (auth) [id=0 id_str=]
So then, I've decided to give a try to WPAv2 (with no fallback to WPAv1). It authenticates on the first attempt, but trying to ping anything will result in a " Destination Host Unreachable
". By attempting to reassociate, the next attempt authenticates and I can successfully ping other hosts.
What I've found strange is, WPAv1 clearly doesn't acknowledge a successful authentication on the first attempt (as I've said, sometimes 2 or 3 attemps), and when it does, I have a working connection. WPAv2 doesn't behave like that, as you can check on the following log from wpa_supplicant (I've added the line numbers for a easier explanation) :
Code:
01 <2>Associated with 00:1e:2a:72:88:88
02 <2>WPA: Key negotiation completed with 00:1e:2a:72:88:88 [PTK=CCMP GTK=TKIP]
03 <2>CTRL-EVENT-CONNECTED - Connection to 00:1e:2a:72:88:88 completed (auth) [id=0 id_str=]
04 <2>WPA: Key negotiation completed with 00:1e:2a:72:88:88 [PTK=CCMP GTK=TKIP]
05 reassociate
06 OK
07 <2>CTRL-EVENT-SCAN-RESULTS
08 <2>Trying to associate with 00:1e:2a:72:88:88 (SSID='carpediem' freq=2452 MHz)
09 <2>CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
10 <2>Associated with 00:1e:2a:72:88:88
11 <2>WPA: Key negotiation completed with 00:1e:2a:72:88:88 [PTK=CCMP GTK=TKIP]
12 <2>CTRL-EVENT-CONNECTED - Connection to 00:1e:2a:72:88:88 completed (reauth) [id=0 id_str=]
Lines 01 to 04 are displayed when I bring the interface up. If I try to ping anything I get host unreachable.
Line 05 : Manually, I've sent the command for WPA to reassociate
Line 06 : wpa_supplicant acknowledges my command
Line 07 to 12 : debug output for the association
After line 12, I get a working connection.
I've noted that after the reassociate command, lines 11 and 12 were displayed in a different order than before (lines 03 and 04). I have somewhat good knowledge about WPA auth, but I haven't checked the source code for wpa_supplicant to know if this is the reason of my problem or not. I'm going to drop a message to it's developers and I'll keep this thread updated.
I changed routers recently, so I went from ddwrt v24 micro on a wrt54gv5 to ddwrt v24 9856M TNG Eko on Netgear WNR834B v2, along with changing laptop to the macbook pro so I was at a loss about which one was at cause, except I precisely know what works and what doesn't.
Joined: 26 Jun 2007 Posts: 262 Location: Trinidad & Tobago
Posted: Sun Jul 20, 2008 9:21 Post subject:
This hardware looks quite similar to WRT150N which does not support vlans. Does this Netgear WNR834B support VLANS? _________________ [everything is to be replicate]
I've just updated my ndiswrapper to 1.53 and wpa_supplicant to a unreleased version in GIT - using debian packages - and still same issues .. exactly same behavior with WPA and WPA2 as I described above. Still on the thread you mentioned, no one said if 'wpa_cli reassoc' would do the trick for WPA2 or not (sometimes I need to do it more than once )
Eko:
Did you had time to look about the mmc stuff (if there's free GPIO pins for the SD mod) ?
Also I had a look in the OpenVPN server thing in the 9856 build (there's no docs, so I've checked the scripts in the web area), managed to produce the data and save it there (~15k of NVRAM, ouch), but I think that is still under development, because I was surprised to not see any startup script
Which leads me to this other question, if you had the time to think about a JFFS2 enabled vpn build , even if I can't install anything on it, just storing the certs to avoid nvram-wearing problem (as I just mentioned on the irc, one thing is to update a NVRAM setting from "yes" to "no", other thing is to update 15K of data when you change certs) and to store some init.d scripts for my multiple OpenVPN tunnels.
I've tried to build my own, by the development page about building firmware is broken
(I'm willing to contribute with resulting scripts to dd-wrt, but that is going to another thread.)